Comment by vorsken

3 days ago

Interesting approach to sandboxing. One thing I've been thinking about in this space: even with sandboxed execution, the generated code still needs to pass security policy checks before it merges. Static analysis catches a different class of issues than runtime sandboxing — they seem complementary rather than competing.

I agree; I do see static analysis and runtime sandboxing as complementary tools. Do you see static analysis performed by the agent itself inside the sandbox, or via CI tools in the pull request itself (like GitHub Actions or Buildkite)?
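As an added illustration of the "policy check before merge" idea discussed in this thread (example code written for this page, not code from either commenter or from the project being discussed): a small AST-based gate that flags calls an agent should not introduce unattended. The rule set is a hypothetical starting policy, the sample input is constructed, and the same script can run either as a CI step over the PR's changed files or inside the sandbox before the agent opens the PR.

```python
"""Minimal static policy gate for agent-generated Python.

Added example for this discussion, not code from the original post. The rule
set below is a hypothetical starting policy, not a complete one.
"""
from __future__ import annotations

import ast
import sys
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy: calls that an agent should not add without human review.
BANNED_CALLS = {
    "eval": "dynamic evaluation of strings",
    "exec": "dynamic execution of strings",
    "os.system": "shell command execution",
    "pickle.load": "deserialization of untrusted data",
    "pickle.loads": "deserialization of untrusted data",
}
# subprocess.* is allowed, but shell=True is flagged (command injection risk).
SUBPROCESS_FUNCS = {
    "subprocess.run", "subprocess.Popen", "subprocess.call",
    "subprocess.check_output", "subprocess.check_call",
}


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    detail: str


def _dotted_name(node: ast.AST) -> Optional[str]:
    """Return 'a.b.c' for Name/Attribute chains, None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _is_true(node: ast.AST) -> bool:
    return isinstance(node, ast.Constant) and node.value is True


def check_source(src: str, filename: str = "<generated>") -> list[Finding]:
    """Return policy findings for one Python source string, sorted by line."""
    try:
        tree = ast.parse(src, filename=filename)
    except SyntaxError as e:
        # Unparseable code must fail the gate too; otherwise it bypasses every rule.
        return [Finding(e.lineno or 0, "syntax", f"cannot parse: {e.msg}")]
    findings: list[Finding] = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted_name(node.func)
        if name is None:
            continue
        if name in BANNED_CALLS:
            findings.append(Finding(node.lineno, "banned-call", f"{name}: {BANNED_CALLS[name]}"))
        elif name in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if kw.arg == "shell" and _is_true(kw.value):
                    findings.append(Finding(node.lineno, "shell-true",
                                            f"{name}(shell=True): command injection risk"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample of agent output: the shell=True call and eval should fail the gate,
# the list-form subprocess.run call should pass.
SAMPLE_GENERATED = """\
import subprocess, os
def run(user_input):
    subprocess.run("ls " + user_input, shell=True)
    safe = subprocess.run(["ls", user_input])
    return eval(user_input)
"""


def main(paths: list[str]) -> int:
    """CI entry point: print findings and exit non-zero if any file violates policy."""
    total = 0
    for path in paths:
        with open(path, encoding="utf-8") as fh:
            for f in check_source(fh.read(), path):
                print(f"{path}:{f.line}: [{f.rule}] {f.detail}")
                total += 1
    return 1 if total else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    for finding in check_source(SAMPLE_GENERATED):
        print(finding)
```

Run it as `python gate.py $(git diff --name-only origin/main -- '*.py')` in the PR job, or point it at the sandbox's working tree before the agent pushes; the exit code is what the CI step or the agent's own loop acts on.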